I didn’t even notice it this morning, but it was 05:45 when I woke up so that should be an excuse. It’s not only ESX 3.5 that needs to be patched, same goes for the 3.0.x hosts. So be sure to check out the patches section of the VMware website if you’ve still got 3.0.x running.
patches
New patches for ESX 3.5
VMware just released a bunch of patches for ESX 3.5, three security, two critical and one general:
- VMware ESX 3.5, Patch ESX350-200811408-BG: Updates QLogic Software Driver
- VMware ESX 3.5, Patch ESX350-200811406-SG: Security Update to bzip2 in Service Console
- VMware ESX 3.5, Patch ESX350-200811405-SG: Security Update to libxml2 in Service Console
- VMware ESX 3.5, Patch ESX350-200811402-SG: Updates ESX Script
- VMware ESX 3.5, Patch ESX350-200811401-SG: Updates VMkernel, hostd, and Other RPM
And I know for a fact that some of you where waiting on ESX350-200811401 to drop:
-
A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue.
-
VMotion might trigger VMware Tools to automatically upgrade. This issue occurs on virtual machines that have the setting for Check and upgrade Tools before each power-on enabled, and the affected virtual machines are moved, using VMotion, to a host with a newer version of VMware-esx-tools. Symptoms seen without this patch:
- Virtual machines unexpectedly restart during a VMotion migration
- The guest operating systems might stall (reported on forums).
Note: After patching the ESX host, you need to upgrade VMware Tools in the affected guests that reside on the host.
- Swapping active and standby NICs results in a loss of connectivity to the virtual machine.
- A race issue caused an ASSERT_BUG to unnecessarily run and caused the ESX host to crash. This change removes the invalid ASSERT_BUG.Symptoms seen without this patch: The ESX host crashes with an ASSERT message that includes fs3DiskLock.c:1423.Example: ASSERT /build/mts/release/bora-77234/bora/modules/vmkernel/vmfs3/fs3DiskLock.c:1423 bugNr=147983
- A virtual machine can become registered on multiple hosts due to a .vmdk file locking issue. This issue occurs when network errors cause HA to power on the same virtual machine on multiple hosts, and when SAN errors cause the host on which the virtual machine was originally running to lose its heartbeat. The original virtual machine becomes unresponsive.With this patch, the VI Client displays a dialog box warning you that a .vmdk lock is lost. The virtual machine is powered off after you click OK.
- This change fixes confusing VMkernel log messages in cases where one of the storage processors (SP) of an EMC CLARiiON CX storage array is hung. The messages now correctly identify which SP is hung.Example of confusing message:vmkernel: 1:23:09:57.886 cpu3:1056)WARNING: SCSI: 2667: CX SP B is hung.
vmkernel: 1:23:09:57.886 cpu3:1056)SCSI: 2715: CX SP A for path vmhba1:2:2 is hung.vmkernel: 1:23:09:57.886 cpu3:1056)WARNING: SCSI: 4282: SP of path vmhba1:2:2 is
hung. Mark all paths using this SP as dead. Causing full path failover.In this case, research revealed that SP A was hung, but SP B was not.
-
This patch allows VMkernel to successfully boot on unbalanced NUMA configurations—that is, those with some nodes having no CPU or memory. When such unbalanced configuration is detected, VMkernel shows an alert and continues booting. Previously, VMkernel failed to load on such NUMA configurations.Sample alert message when memory is missing from one of the nodes (here, node 2):
No memory detected in SRAT node 2. This can cause very bad performance.
- When the zpool create command from a Solaris 10 virtual machine is run on a LUN that is exported as a raw device mapping (RDM) to that virtual machine, the command creates a partition table of type GPT (GUID partition table) on that LUN as part of creating the ZFS filesystem. Later when a LUN rescan is run on the ESX server through VirtualCenter or through the command line, the rescan takes a significantly long amount of time to complete because the VMkernel fails to read the GUID partition table. This patch fixes this problem.
Symptoms seen without this patch: Rescanning HBAs takes a long time and an error message similar to the following is logged in /var/log/vmkernel:Oct 31 18:10:38 vmkernel: 0:00:45:17.728 cpu0:8293)WARNING: SCSI: 255: status Timeout for vml.02006500006006016033d119005c8ef7b7f6a0dd11524149442030. residual R 800, CR 80, ER 3
-
A race in LVM resignaturing code can cause volumes to disappear on a host when a snapshot is presented to multiple ESX hosts, such as in SRM environments.Symptoms: After rescanning, VMFS volumes are not visible.
-
This change resolves a rare VMotion instability.Symptoms: During a VMotion migration, certain 32-bit applications running in 64-bit guests might crash due to access violations.
- Solaris 10 Update 4, 64-bit graphical installation fails with the default virtual machine RAM size of 512MB.
- DRS development and performance improvement. This change prevents unexpected migration behavior.
-
In a DRS cluster environment, the hostd service reaches a hard limit for memory usage, which causes hostd to restart itself.Symptoms: The hostd service restarts and temporarily disconnects from VirtualCenter. The ESX host stops responding before hostd reconnects.
-
Fixes for supporting Site Recovery Manager (upcoming December 2008 release) on ESX 3.5 Update 2 and Update 3.
So what if I would have $ 50.000
Sometimes you wished you hadn’t invested all of your 50.000 dollars on an employee who will be doing “migrations” for you. So what am I talking about? Well imagine yourself in a 24×7 environment, or anyother environment for that matter and you just received an email about this patch. Yeah this patch NEEDS to be applied a.s.a.p. cause it’s a major vulnerability. So in other words, patch your Hyper-V. This means either a quick migration or shutdown the vm’s in any environment that would cause downtime either way. I think your $ 50.000(which probably isn’t the correct amount anyway) is well spend within matter of days.
Thanks for making our arguments valid.
By the way, make sure to patch your systems asap cause a new worm virus can be expected that takes advantage of this feature(;)) soon…
Rollup pack for 3.0.2
VMware just released a rollup bundle for 3.0.2. So those still on 3.0.2 and looking for a quick way to get up to the latest patch level take a look at this KB article and download the patch here.
Roll‐ups provide you with a convenient way to download and install multiple bundles at one time. Installing this roll-up bundle zip file will provide all the fixes for the ESX Server 3.0.2 as of September 30, 2008.
The roll-up bundle zip file only contains fixes for the ESX Server 3.0.2 software. The roll-up bundle zip file cannot be used to upgrade from prior ESX Server releases.
patches for 3.0.x released
VMware just released a whole bunch of patches for 3.0.x, so if you’re still using 3.0.x than you should take a look here. At least three of them are related to Linux Guests! There are 6 patches for 3.0.2 and 4 for 3.0.3. Have fun, 😉